![]() ![]() We have no evidence that this attack has been used in the wild, but it could be used by a motivated attacker to target a researcher, scientist, journalist, activist or privileged user with sensitive IP on their device, for example. The vulnerability allows an attacker with physical access to the device to manipulate the authentication process by capturing or recreating a photo of the target’s face and subsequently plugging in a custom-made USB device to inject the spoofed images to the authenticating host. ![]() What resulted was the discovery of a design flaw that allows an adversary to bypass Windows Hello’s facial recognition. Given Windows Hello’s prevalence, over the past few months the CyberArk Labs research team has been exploring potential weaknesses in the system in hopes of strengthening biometric security overall. According to Microsoft, Windows Hello is used by 85 percent of Windows 10 users, of which an undisclosed subset utilize facial recognition. One of the most widely adopted passwordless authentication systems is Windows Hello, which enables passwordless login via pin code, fingerprint or facial recognition. Biometric authentication is beginning to see rapid adoption across the enterprise as organizations look to incorporate passwordless solutions to help mitigate the numerous security risks inherent with password use. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |